Tag: IFTTT

  • Angler EK leads to fileless Gootkit – Cyphort

    http://ift.tt/2aWlrOp On January 27, 2016 Cyphort Labs discovered a site infected with Angler EK leading to a fileless Gootkit (a.k.a. XswKit) malware. The site was redirecting visitors to the malware through a compromised OpenX Ad server injecting a malicious iframe into the page. The iframe leads to Angler EK which…

  • The Dukes: 7 Years Of #Russian #Cyber-#Espionage

    http://ift.tt/2aUnwOg Today we release a new whitepaper on an APT group commonly referred to as “the Dukes”. We believe that the Dukes are a well-resourced, highly dedicated, and organized cyber-espionage gr…

  • Massive AdGholas Malvertising Campaigns Use Steganography and File Whitelisting to Hide in Plain Sight

    http://ift.tt/2aWl1Yh Proofpoint and Trend Micro researchers collaborated to detect and analyze a sophisticated, previously undocumented malvertising campaign that exposed millions of users every day to attacks that employed steganography and multi-layered filtering.

  • The Mad Max DGA

    http://ift.tt/2a5e7iv This post describes a domain generation algorithm (DGA) used by the “Mad Max” malware family. Mad Max is a targeted trojan, and we plan to post a follow-up article that documents our findings regarding the features of the Mad Max malware itself. But for now we will focus on the…

  • Attackers Disguise Macro Malware by Renaming Files

    http://ift.tt/2aBvCGc Malware operators can hide the use of malicious macros to distribute malware by simply renaming the offending Office documents, Cisco researchers reveal. Microsoft switched macros off by default in 2007, and also introduced new file formats that no longer supported macros, but cybercriminals have discovered ways of…

  • Telegram massive hack in Iran, what is happened?

    http://ift.tt/2aKelg6 Hackers accessed Telegram accounts in Iran; a security duo investigated the security breach and will present its findings at the Black Hat Conference. 15 million Iranian Telegram accounts have been compromised, and users have reportedly had their personal information exposed (phone number, Telegram ID). The security researchers…

  • New attack steals personal details, e-mail addresses from HTTPS pages

    http://ift.tt/2aw1USi The HTTPS cryptographic scheme protecting millions of websites is vulnerable to a newly revived attack that exposes encrypted e-mail addresses, social security numbers, and other sensitive data even when attackers don’t have the ability to monitor a targeted end…

  • Oops, they did it again: Cisco finds new vulns in kit it patched in June

    http://ift.tt/2auIOxV Some Cisco wireless routers patched in June have made it back onto sysadmins’ sleepless night lists again. The RV110W, RV130W and RV215 (which had an HTTP parsing vuln previously) have turned up a command line interface parsing bug. While…

  • New Gozi Malware Heads for U.S. Financial Institutions – Credit Union Times

    http://ift.tt/2aSwrPI buguroo Labs researchers identified newly-evolved versions of Gozi malware that are actively targeting financial institutions, including PayPal, ING Bank and the Bank of Tokyo, leaving organizations that rely on traditional fraud defense tools at risk. Experts…

  • Server-Side Template Injection with Tplmap on Nunjucks Template Engine via /r/netsec

    http://ift.tt/2as9FKP Submitted August 03, 2016 at 11:11AM by norbz via reddit http://ift.tt/2au0Ynu